Internal — Ergomotion Engineering

IOR Automation — Build Plan

10 tickets across 6 weeks. Two engineers, parallel tracks, zero idle time.

Tech Lead — Nayan
Full-Stack Engineer
6 Weeks • March 2026

How 6 Weeks Works

Team

Tech Lead — Nayan

Architecture, VPC/IAM/security, core business logic (processor, ETL, comparison engine), SAP coordination, code review, cutover. ~40% of total work.

Full-Stack Engineer

CDK stacks (S3, DynamoDB, ECS, CF), CI/CD, Lambda replication, React frontend, Docker, validation scripts, monitoring, tests. ~60% of total work.

External Dependency: 6 of 8 SAP APIs must be built by the SAP team. Only ZFMIOR002 and ZFMIOR003 are live. This does NOT block the 6-week timeline — all Lambdas are built against mocks. Swap URL when APIs ship.
System Architecture — 8 Layers
Ergomotion IOR — AWS Architecture
SAP-integrated, event-driven pipeline. Each layer maps to specific tickets below.
SAP China
ZFMIOR002 — Product Weights (LIVE)
ZFMIOR003 — Packaging (LIVE)
ZEMM005 — HTS/Tariff (TO BUILD)
ZEMM004 — Customs Lines (TO BUILD)
ZEMM07 — Verification (TO BUILD)
ZSDR002 — Invoice (TO BUILD)
MIGO — Goods Receipt (TO BUILD)

Ingestion
EventBridge Scheduler (T3)
7 Ingestion Lambdas (T3)
SQS Dead Letter Queue (T3)
S3 Raw Landing Zone (JSON) (T2)

ETL
etl-product-master (weights + HTS join) (T4)
etl-hts-reference (rates, sequencing) (T4)
etl-transactions (ZSDR002/ZEMM004) (T4)
etl-packaging (normalize) (T4)
Schema Validation Framework (T4)
SNS Quality Alerts (T4)

Storage
DynamoDB: ProductMaster (T2)
DynamoDB: HTSReference (T2)
DynamoDB: TariffSequencing (T2)
DynamoDB: TransactionData (T2)
S3 Processed (Parquet) (T2)
S3 Customs Output (T2)

Application
ECS Fargate — FastAPI (1 vCPU / 2GB) (T6)
Application Load Balancer + WAF (T6)
S3 + CloudFront — React SPA (T7)
JWT Auth + DynamoDB Users (T8)

Auto-Gen
generate-customs-lines Lambda (T9)
EventBridge Daily Trigger (T9)
S3: customs-output/YYYY-MM-DD/ (T9)

Compare
Comparison Lambda (field-by-field) (T9)
S3: Comparison Reports (T9)
SNS Discrepancy Alerts (T9)

Audit
S3 Audit Bucket (Object Lock COMPLIANCE) (T2)
S3 Glacier — 7-Year Archive (T2)
CloudTrail (all S3 + DynamoDB ops) (T10)

Security
AWS Secrets Manager (SAP creds, JWT) (T1)
VPC — Private/Public Subnets (T1)
IAM Roles (least-privilege per service) (T2)
WAF on ALB + CloudFront (T6)
S3 SSE-KMS Encryption (T2)

Monitoring
CloudWatch Dashboards (T10)
CloudWatch Alarms (T10)
SNS → Email/Slack Alerts (T10)
GitHub Actions CI/CD (4 pipelines) (T1)

10 Tickets
Week-by-Week Parallel Tracks

| Week | Track | Tickets | Work |
|---|---|---|---|
| Wk 1 | Tech Lead | T1 + T2 | VPC design, IAM roles, Secrets, audit S3 lock, cross-account policy |
| Wk 1 | Full-Stack | T1 + T2 | CDK scaffold, 4 CI/CD pipelines, S3 buckets, DynamoDB tables, ECR |
| Wk 2 | Tech Lead | T3 | Template Lambda, SQS/DLQ pattern, retry logic |
| Wk 2 | Full-Stack | T3 | Replicate 6 Lambdas from template, EventBridge, unit tests |
| Wk 3 | Tech Lead | T4 | 3 ETL jobs (product-master, hts-reference, transactions), schema framework |
| Wk 3 | Full-Stack | T4 + T5 | etl-packaging, SNS alerts, then 4 validation scripts (shadow mode) |
| Wk 4 | Tech Lead | T6 + T8 | data_loader.py refactor, auth fix (main.py, user_storage.py, DynamoDB users) |
| Wk 4 | Full-Stack | T6 + T8 | Dockerfile, ECS/ALB/WAF CDK, new API endpoints, frontend auth cleanup |
| Wk 5 | Tech Lead | T9 | comparison.py engine, generate-customs-lines Lambda, orchestration |
| Wk 5 | Full-Stack | T7 + T9 | CloudFront CDK, React dashboards (customs lines + comparison), SNS alerts |
| Wk 6 | Tech Lead | T10 | Parallel run validation, output parity check, cutover decision |
| Wk 6 | Full-Stack | T10 | CloudWatch dashboards + alarms, SNS routing, runbook, fallback test |

Workload Split
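
| Ticket | Tech Lead | Full-Stack | Week |
|---|---|---|---|
| T1 Infra + CI/CD | 30% | 70% | 1 |
| T2 Storage Layer | 30% | 70% | 1 |
| T3 Ingestion Lambdas | 35% | 65% | 2 |
| T4 ETL Processing | 70% | 30% | 3 |
| T5 Shadow Validation | 20% | 80% | 3 |
| T6 Backend → ECS | 40% | 60% | 4 |
| T7 Frontend → CF | 15% | 85% | 5 |
| T8 Auth Fix | 65% | 35% | 4 |
| T9 Auto-Gen + Compare | 70% | 30% | 5 |
| T10 Monitor + Cutover | 35% | 65% | 6 |

Overall: Tech Lead ~40%, Full-Stack ~60%
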
Open Decisions (Resolve End of Week 1)

ETL Technology

Recommended: Lambda

Tiny data volume (~73 products, ~67 packaging, ~21 HTS). Lambda + pandas is 35x cheaper than Glue.

Authentication

Recommended: JWT + DynamoDB

Lowest risk. Move users.json to DynamoDB. Defer Cognito/Entra ID until M365 decision is final.

Risk Mitigations

| Risk | Mitigation |
|---|---|
| SAP team delays on 6 APIs | Build against mocks from day 1. Swap URLs when APIs ship. |
| 6 weeks is tight | Parallel tracks every week. No idle time. Daily standups. |
| Cross-account S3 complexity | Agreed Mar 26 meeting. Test in Week 1. |
| Auth migration breaks things | T8 isolated in Week 4. Test in staging first. |
| Processor output differs | Shadow mode (T5 Week 3) catches before cutover. |
| Scope creep | Document Distribution Pipeline is OUT. No exceptions. |